HACKERS STEAL DATA ON THE F-35, C-130, P-8 AND JDAM FROM AUSTRALIAN DEFENSE CONTRACTOR

“The compromise was extensive and extreme, it included information on the F-35, C-130, P-8, JDAM and few naval vessels,” Mitchell Clarke, Australian Signals Directorate manager

Sloppy cyber-security practices has allowed hackers to steal data on the F-35, C-130, P-8 and JDAM from an Australian defense contractor.

As reported by News.com.au, Dan Tehan, the minister in charge of cyber security, said that hackers spent months downloading sensitive information about Australia’s warplanes, navy ships and bomb kits.

Forensic investigations by the Australian Signals Directorate (ASD) found the company was using default passwords on its internet facing services.

But the hackers gained access by exploiting a vulnerability with the firm’s IT helpdesk portal.

As explained by Mitchell Clarke, ASD incident response manager, hackers targeted a small aerospace engineering company with about 50 employees in July last year. He said the firm was subcontracted four levels down from defence contracts. “The compromise was extensive and extreme,” Mr Clarke told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian.
“It included information on the (F-35) Joint Strike Fighter, C-130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels.”

According to Clarke the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair. He also described the security breach as “sloppy admin:” in fact the organisation not only had just one IT person but also that the person was new to the job.

An Australian Cyber Security Centre spokesperson said the information released by the ASD staffer, who actually works for the centre, was commercially sensitive but unclassified. “While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified,” they said in a statement. “The government does not intend to discuss further the details of this cyber incident.”

Photo credit: Master Sgt. John Gordinier / U.S. Air Force and Royal Australian Air Force

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.